1. A systematic method of identifying the assets of a data processing system, the threats to those assets, and the vulnerability of the system to those threats. [2382-pt.8] 2. In COMSEC (communications security), an organized method of estimating or calculating the probability of compromise. [After X9.49] 3.Synonym [in INFOSEC] risk assessment.